PyPI - qontract-reconcile - Versions diffs - 0.10.0__py3-none-any.whl → 0.10.1.dev1203__py3-none-any.whl - Mend

qontract-reconcile 0.10.0py3-none-any.whl → 0.10.1.dev1203py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (844) hide show

qontract_reconcile-0.10.1.dev1203.dist-info/METADATA +500 -0
qontract_reconcile-0.10.1.dev1203.dist-info/RECORD +771 -0
{qontract_reconcile-0.10.0.dist-info → qontract_reconcile-0.10.1.dev1203.dist-info}/WHEEL +1 -2
{qontract_reconcile-0.10.0.dist-info → qontract_reconcile-0.10.1.dev1203.dist-info}/entry_points.txt +4 -2
reconcile/acs_notifiers.py +126 -0
reconcile/acs_policies.py +243 -0
reconcile/acs_rbac.py +596 -0
reconcile/aus/advanced_upgrade_service.py +621 -8
reconcile/aus/aus_label_source.py +115 -0
reconcile/aus/base.py +1053 -353
reconcile/{utils → aus}/cluster_version_data.py +27 -12
reconcile/aus/healthchecks.py +77 -0
reconcile/aus/metrics.py +158 -0
reconcile/aus/models.py +245 -5
reconcile/aus/node_pool_spec.py +35 -0
reconcile/aus/ocm_addons_upgrade_scheduler_org.py +225 -110
reconcile/aus/ocm_upgrade_scheduler.py +76 -71
reconcile/aus/ocm_upgrade_scheduler_org.py +81 -23
reconcile/aus/version_gate_approver.py +204 -0
reconcile/aus/version_gates/__init__.py +12 -0
reconcile/aus/version_gates/handler.py +33 -0
reconcile/aus/version_gates/ingress_gate_handler.py +32 -0
reconcile/aus/version_gates/ocp_gate_handler.py +26 -0
reconcile/aus/version_gates/sts_version_gate_handler.py +100 -0
reconcile/aws_account_manager/README.md +5 -0
reconcile/aws_account_manager/integration.py +373 -0
reconcile/aws_account_manager/merge_request_manager.py +114 -0
reconcile/aws_account_manager/metrics.py +39 -0
reconcile/aws_account_manager/reconciler.py +403 -0
reconcile/aws_account_manager/utils.py +41 -0
reconcile/aws_ami_cleanup/integration.py +273 -0
reconcile/aws_ami_share.py +18 -14
reconcile/aws_cloudwatch_log_retention/integration.py +253 -0
reconcile/aws_iam_keys.py +1 -1
reconcile/aws_iam_password_reset.py +56 -20
reconcile/aws_saml_idp/integration.py +204 -0
reconcile/aws_saml_roles/integration.py +322 -0
reconcile/aws_support_cases_sos.py +2 -2
reconcile/aws_version_sync/integration.py +430 -0
reconcile/aws_version_sync/merge_request_manager/merge_request.py +156 -0
reconcile/aws_version_sync/merge_request_manager/merge_request_manager.py +160 -0
reconcile/aws_version_sync/utils.py +64 -0
reconcile/blackbox_exporter_endpoint_monitoring.py +2 -5
reconcile/change_owners/README.md +34 -0
reconcile/change_owners/approver.py +7 -9
reconcile/change_owners/bundle.py +134 -9
reconcile/change_owners/change_log_tracking.py +236 -0
reconcile/change_owners/change_owners.py +204 -194
reconcile/change_owners/change_types.py +183 -265
reconcile/change_owners/changes.py +488 -0
reconcile/change_owners/decision.py +120 -41
reconcile/change_owners/diff.py +63 -92
reconcile/change_owners/implicit_ownership.py +19 -16
reconcile/change_owners/self_service_roles.py +158 -35
reconcile/change_owners/tester.py +20 -18
reconcile/checkpoint.py +4 -6
reconcile/cli.py +1523 -242
reconcile/closedbox_endpoint_monitoring_base.py +10 -17
reconcile/cluster_auth_rhidp/integration.py +257 -0
reconcile/cluster_deployment_mapper.py +2 -5
reconcile/cna/assets/asset.py +4 -7
reconcile/cna/assets/null.py +2 -5
reconcile/cna/integration.py +2 -3
reconcile/cna/state.py +6 -9
reconcile/dashdotdb_base.py +31 -10
reconcile/dashdotdb_cso.py +3 -6
reconcile/dashdotdb_dora.py +530 -0
reconcile/dashdotdb_dvo.py +10 -13
reconcile/dashdotdb_slo.py +75 -19
reconcile/database_access_manager.py +753 -0
reconcile/deadmanssnitch.py +207 -0
reconcile/dynatrace_token_provider/dependencies.py +69 -0
reconcile/dynatrace_token_provider/integration.py +656 -0
reconcile/dynatrace_token_provider/metrics.py +62 -0
reconcile/dynatrace_token_provider/model.py +14 -0
reconcile/dynatrace_token_provider/ocm.py +140 -0
reconcile/dynatrace_token_provider/validate.py +48 -0
reconcile/endpoints_discovery/integration.py +348 -0
reconcile/endpoints_discovery/merge_request.py +96 -0
reconcile/endpoints_discovery/merge_request_manager.py +178 -0
reconcile/external_resources/aws.py +204 -0
reconcile/external_resources/factories.py +163 -0
reconcile/external_resources/integration.py +194 -0
reconcile/external_resources/integration_secrets_sync.py +47 -0
reconcile/external_resources/manager.py +405 -0
reconcile/external_resources/meta.py +17 -0
reconcile/external_resources/metrics.py +95 -0
reconcile/external_resources/model.py +350 -0
reconcile/external_resources/reconciler.py +265 -0
reconcile/external_resources/secrets_sync.py +465 -0
reconcile/external_resources/state.py +258 -0
reconcile/gabi_authorized_users.py +19 -11
reconcile/gcr_mirror.py +43 -34
reconcile/github_org.py +4 -6
reconcile/github_owners.py +1 -1
reconcile/github_repo_invites.py +2 -5
reconcile/gitlab_fork_compliance.py +14 -13
reconcile/gitlab_housekeeping.py +185 -91
reconcile/gitlab_labeler.py +15 -14
reconcile/gitlab_members.py +126 -120
reconcile/gitlab_owners.py +53 -66
reconcile/gitlab_permissions.py +167 -6
reconcile/glitchtip/README.md +150 -0
reconcile/glitchtip/integration.py +99 -51
reconcile/glitchtip/reconciler.py +99 -70
reconcile/glitchtip_project_alerts/__init__.py +0 -0
reconcile/glitchtip_project_alerts/integration.py +333 -0
reconcile/glitchtip_project_dsn/integration.py +43 -43
reconcile/gql_definitions/acs/__init__.py +0 -0
reconcile/gql_definitions/acs/acs_instances.py +83 -0
reconcile/gql_definitions/acs/acs_policies.py +239 -0
reconcile/gql_definitions/acs/acs_rbac.py +111 -0
reconcile/gql_definitions/advanced_upgrade_service/aus_clusters.py +46 -8
reconcile/gql_definitions/advanced_upgrade_service/aus_organization.py +38 -8
reconcile/gql_definitions/app_interface_metrics_exporter/__init__.py +0 -0
reconcile/gql_definitions/app_interface_metrics_exporter/onboarding_status.py +61 -0
reconcile/gql_definitions/aws_account_manager/__init__.py +0 -0
reconcile/gql_definitions/aws_account_manager/aws_accounts.py +177 -0
reconcile/gql_definitions/aws_ami_cleanup/__init__.py +0 -0
reconcile/gql_definitions/aws_ami_cleanup/aws_accounts.py +161 -0
reconcile/gql_definitions/aws_saml_idp/__init__.py +0 -0
reconcile/gql_definitions/aws_saml_idp/aws_accounts.py +117 -0
reconcile/gql_definitions/aws_saml_roles/__init__.py +0 -0
reconcile/gql_definitions/aws_saml_roles/aws_accounts.py +117 -0
reconcile/gql_definitions/aws_saml_roles/roles.py +97 -0
reconcile/gql_definitions/aws_version_sync/__init__.py +0 -0
reconcile/gql_definitions/aws_version_sync/clusters.py +83 -0
reconcile/gql_definitions/aws_version_sync/namespaces.py +143 -0
reconcile/gql_definitions/change_owners/queries/change_types.py +16 -29
reconcile/gql_definitions/change_owners/queries/self_service_roles.py +45 -11
reconcile/gql_definitions/cluster_auth_rhidp/__init__.py +0 -0
reconcile/gql_definitions/cluster_auth_rhidp/clusters.py +128 -0
reconcile/gql_definitions/cna/queries/cna_provisioners.py +6 -8
reconcile/gql_definitions/cna/queries/cna_resources.py +3 -5
reconcile/gql_definitions/common/alerting_services_settings.py +2 -2
reconcile/gql_definitions/common/app_code_component_repos.py +9 -5
reconcile/gql_definitions/{glitchtip/glitchtip_settings.py → common/app_interface_custom_messages.py} +14 -16
reconcile/gql_definitions/common/app_interface_dms_settings.py +86 -0
reconcile/gql_definitions/common/app_interface_repo_settings.py +2 -2
reconcile/gql_definitions/common/app_interface_state_settings.py +3 -5
reconcile/gql_definitions/common/app_interface_vault_settings.py +3 -5
reconcile/gql_definitions/common/app_quay_repos_escalation_policies.py +120 -0
reconcile/gql_definitions/common/apps.py +72 -0
reconcile/gql_definitions/common/aws_vpc_requests.py +109 -0
reconcile/gql_definitions/common/aws_vpcs.py +84 -0
reconcile/gql_definitions/common/clusters.py +120 -254
reconcile/gql_definitions/common/clusters_minimal.py +11 -35
reconcile/gql_definitions/common/clusters_with_dms.py +72 -0
reconcile/gql_definitions/common/clusters_with_peering.py +70 -98
reconcile/gql_definitions/common/github_orgs.py +2 -2
reconcile/gql_definitions/common/jira_settings.py +68 -0
reconcile/gql_definitions/common/jiralert_settings.py +68 -0
reconcile/gql_definitions/common/namespaces.py +74 -32
reconcile/gql_definitions/common/namespaces_minimal.py +4 -10
reconcile/gql_definitions/common/ocm_env_telemeter.py +95 -0
reconcile/gql_definitions/common/ocm_environments.py +4 -2
reconcile/gql_definitions/common/pagerduty_instances.py +5 -5
reconcile/gql_definitions/common/pgp_reencryption_settings.py +5 -11
reconcile/gql_definitions/common/pipeline_providers.py +45 -90
reconcile/gql_definitions/common/quay_instances.py +64 -0
reconcile/gql_definitions/common/quay_orgs.py +68 -0
reconcile/gql_definitions/common/reserved_networks.py +94 -0
reconcile/gql_definitions/common/saas_files.py +133 -95
reconcile/gql_definitions/common/saas_target_namespaces.py +41 -26
reconcile/gql_definitions/common/saasherder_settings.py +2 -2
reconcile/gql_definitions/common/slack_workspaces.py +62 -0
reconcile/gql_definitions/common/smtp_client_settings.py +2 -2
reconcile/gql_definitions/common/state_aws_account.py +77 -0
reconcile/gql_definitions/common/users.py +3 -2
reconcile/gql_definitions/cost_report/__init__.py +0 -0
reconcile/gql_definitions/cost_report/app_names.py +68 -0
reconcile/gql_definitions/cost_report/cost_namespaces.py +86 -0
reconcile/gql_definitions/cost_report/settings.py +77 -0
reconcile/gql_definitions/dashdotdb_slo/slo_documents_query.py +42 -12
reconcile/gql_definitions/dynatrace_token_provider/__init__.py +0 -0
reconcile/gql_definitions/dynatrace_token_provider/dynatrace_bootstrap_tokens.py +79 -0
reconcile/gql_definitions/dynatrace_token_provider/token_specs.py +84 -0
reconcile/gql_definitions/endpoints_discovery/__init__.py +0 -0
reconcile/gql_definitions/endpoints_discovery/namespaces.py +127 -0
reconcile/gql_definitions/external_resources/__init__.py +0 -0
reconcile/gql_definitions/external_resources/aws_accounts.py +73 -0
reconcile/gql_definitions/external_resources/external_resources_modules.py +78 -0
reconcile/gql_definitions/external_resources/external_resources_namespaces.py +1111 -0
reconcile/gql_definitions/external_resources/external_resources_settings.py +98 -0
reconcile/gql_definitions/fragments/aus_organization.py +34 -39
reconcile/gql_definitions/fragments/aws_account_common.py +62 -0
reconcile/gql_definitions/fragments/aws_account_managed.py +57 -0
reconcile/gql_definitions/fragments/aws_account_sso.py +35 -0
reconcile/gql_definitions/fragments/aws_infra_management_account.py +2 -2
reconcile/gql_definitions/fragments/aws_vpc.py +47 -0
reconcile/gql_definitions/fragments/aws_vpc_request.py +65 -0
reconcile/gql_definitions/fragments/aws_vpc_request_subnet.py +29 -0
reconcile/gql_definitions/fragments/deplopy_resources.py +7 -7
reconcile/gql_definitions/fragments/disable.py +28 -0
reconcile/gql_definitions/fragments/jumphost_common_fields.py +2 -2
reconcile/gql_definitions/fragments/membership_source.py +47 -0
reconcile/gql_definitions/fragments/minimal_ocm_organization.py +29 -0
reconcile/gql_definitions/fragments/oc_connection_cluster.py +4 -9
reconcile/gql_definitions/fragments/ocm_environment.py +5 -5
reconcile/gql_definitions/fragments/pipeline_provider_retention.py +30 -0
reconcile/gql_definitions/fragments/prometheus_instance.py +48 -0
reconcile/gql_definitions/fragments/resource_limits_requirements.py +29 -0
reconcile/gql_definitions/fragments/{resource_requirements.py → resource_requests_requirements.py} +3 -3
reconcile/gql_definitions/fragments/resource_values.py +2 -2
reconcile/gql_definitions/fragments/saas_target_namespace.py +55 -12
reconcile/gql_definitions/fragments/serviceaccount_token.py +38 -0
reconcile/gql_definitions/fragments/terraform_state.py +36 -0
reconcile/gql_definitions/fragments/upgrade_policy.py +5 -3
reconcile/gql_definitions/fragments/user.py +3 -2
reconcile/gql_definitions/fragments/vault_secret.py +2 -2
reconcile/gql_definitions/gitlab_members/gitlab_instances.py +6 -2
reconcile/gql_definitions/gitlab_members/permissions.py +3 -5
reconcile/gql_definitions/glitchtip/glitchtip_instance.py +16 -2
reconcile/gql_definitions/glitchtip/glitchtip_project.py +22 -23
reconcile/gql_definitions/glitchtip_project_alerts/__init__.py +0 -0
reconcile/gql_definitions/glitchtip_project_alerts/glitchtip_project.py +173 -0
reconcile/gql_definitions/integrations/integrations.py +62 -45
reconcile/gql_definitions/introspection.json +51176 -0
reconcile/gql_definitions/jenkins_configs/jenkins_configs.py +13 -5
reconcile/gql_definitions/jenkins_configs/jenkins_instances.py +79 -0
reconcile/gql_definitions/jira/__init__.py +0 -0
reconcile/gql_definitions/jira/jira_servers.py +80 -0
reconcile/gql_definitions/jira_permissions_validator/__init__.py +0 -0
reconcile/gql_definitions/jira_permissions_validator/jira_boards_for_permissions_validator.py +131 -0
reconcile/gql_definitions/jumphosts/jumphosts.py +3 -5
reconcile/gql_definitions/ldap_groups/__init__.py +0 -0
reconcile/gql_definitions/ldap_groups/roles.py +111 -0
reconcile/gql_definitions/ldap_groups/settings.py +79 -0
reconcile/gql_definitions/maintenance/__init__.py +0 -0
reconcile/gql_definitions/maintenance/maintenances.py +101 -0
reconcile/gql_definitions/membershipsources/__init__.py +0 -0
reconcile/gql_definitions/membershipsources/roles.py +112 -0
reconcile/gql_definitions/ocm_labels/__init__.py +0 -0
reconcile/gql_definitions/ocm_labels/clusters.py +112 -0
reconcile/gql_definitions/ocm_labels/organizations.py +78 -0
reconcile/gql_definitions/ocm_subscription_labels/__init__.py +0 -0
reconcile/gql_definitions/openshift_cluster_bots/__init__.py +0 -0
reconcile/gql_definitions/openshift_cluster_bots/clusters.py +126 -0
reconcile/gql_definitions/openshift_groups/managed_groups.py +2 -2
reconcile/gql_definitions/openshift_groups/managed_roles.py +3 -2
reconcile/gql_definitions/openshift_serviceaccount_tokens/__init__.py +0 -0
reconcile/gql_definitions/openshift_serviceaccount_tokens/tokens.py +132 -0
reconcile/gql_definitions/quay_membership/quay_membership.py +3 -5
reconcile/gql_definitions/rhidp/__init__.py +0 -0
reconcile/gql_definitions/rhidp/organizations.py +96 -0
reconcile/gql_definitions/service_dependencies/jenkins_instance_fragment.py +2 -2
reconcile/gql_definitions/service_dependencies/service_dependencies.py +9 -31
reconcile/gql_definitions/sharding/aws_accounts.py +2 -2
reconcile/gql_definitions/sharding/ocm_organization.py +63 -0
reconcile/gql_definitions/skupper_network/site_controller_template.py +2 -2
reconcile/gql_definitions/skupper_network/skupper_networks.py +12 -38
reconcile/gql_definitions/slack_usergroups/clusters.py +2 -2
reconcile/gql_definitions/slack_usergroups/permissions.py +8 -15
reconcile/gql_definitions/slack_usergroups/users.py +3 -2
reconcile/gql_definitions/slo_documents/__init__.py +0 -0
reconcile/gql_definitions/slo_documents/slo_documents.py +142 -0
reconcile/gql_definitions/status_board/__init__.py +0 -0
reconcile/gql_definitions/status_board/status_board.py +163 -0
reconcile/gql_definitions/statuspage/statuspages.py +56 -7
reconcile/gql_definitions/templating/__init__.py +0 -0
reconcile/gql_definitions/templating/template_collection.py +130 -0
reconcile/gql_definitions/templating/templates.py +108 -0
reconcile/gql_definitions/terraform_cloudflare_dns/app_interface_cloudflare_dns_settings.py +4 -8
reconcile/gql_definitions/terraform_cloudflare_dns/terraform_cloudflare_zones.py +8 -8
reconcile/gql_definitions/terraform_cloudflare_resources/terraform_cloudflare_accounts.py +6 -8
reconcile/gql_definitions/terraform_cloudflare_resources/terraform_cloudflare_resources.py +45 -56
reconcile/gql_definitions/terraform_cloudflare_users/app_interface_setting_cloudflare_and_vault.py +4 -8
reconcile/gql_definitions/terraform_cloudflare_users/terraform_cloudflare_roles.py +4 -8
reconcile/gql_definitions/terraform_init/__init__.py +0 -0
reconcile/gql_definitions/terraform_init/aws_accounts.py +93 -0
reconcile/gql_definitions/terraform_repo/__init__.py +0 -0
reconcile/gql_definitions/terraform_repo/terraform_repo.py +141 -0
reconcile/gql_definitions/terraform_resources/database_access_manager.py +158 -0
reconcile/gql_definitions/terraform_resources/terraform_resources_namespaces.py +153 -162
reconcile/gql_definitions/terraform_tgw_attachments/__init__.py +0 -0
reconcile/gql_definitions/terraform_tgw_attachments/aws_accounts.py +119 -0
reconcile/gql_definitions/unleash_feature_toggles/__init__.py +0 -0
reconcile/gql_definitions/unleash_feature_toggles/feature_toggles.py +113 -0
reconcile/gql_definitions/vault_instances/vault_instances.py +17 -50
reconcile/gql_definitions/vault_policies/vault_policies.py +2 -2
reconcile/gql_definitions/vpc_peerings_validator/vpc_peerings_validator.py +49 -12
reconcile/gql_definitions/vpc_peerings_validator/vpc_peerings_validator_peered_cluster_fragment.py +7 -2
reconcile/integrations_manager.py +25 -13
reconcile/jenkins/types.py +5 -1
reconcile/jenkins_base.py +36 -0
reconcile/jenkins_job_builder.py +10 -48
reconcile/jenkins_job_builds_cleaner.py +40 -25
reconcile/jenkins_job_cleaner.py +1 -3
reconcile/jenkins_roles.py +22 -26
reconcile/jenkins_webhooks.py +9 -6
reconcile/jenkins_worker_fleets.py +11 -6
reconcile/jira_permissions_validator.py +340 -0
reconcile/jira_watcher.py +3 -5
reconcile/ldap_groups/__init__.py +0 -0
reconcile/ldap_groups/integration.py +279 -0
reconcile/ldap_users.py +3 -0
reconcile/ocm/types.py +39 -59
reconcile/ocm_additional_routers.py +0 -1
reconcile/ocm_addons_upgrade_tests_trigger.py +10 -15
reconcile/ocm_aws_infrastructure_access.py +30 -32
reconcile/ocm_clusters.py +217 -130
reconcile/ocm_external_configuration_labels.py +15 -0
reconcile/ocm_github_idp.py +1 -1
reconcile/ocm_groups.py +25 -5
reconcile/ocm_internal_notifications/__init__.py +0 -0
reconcile/ocm_internal_notifications/integration.py +119 -0
reconcile/ocm_labels/__init__.py +0 -0
reconcile/ocm_labels/integration.py +409 -0
reconcile/ocm_machine_pools.py +517 -108
reconcile/ocm_upgrade_scheduler_org_updater.py +15 -11
reconcile/openshift_base.py +609 -207
reconcile/openshift_cluster_bots.py +344 -0
reconcile/openshift_clusterrolebindings.py +15 -15
reconcile/openshift_groups.py +42 -45
reconcile/openshift_limitranges.py +1 -0
reconcile/openshift_namespace_labels.py +22 -28
reconcile/openshift_namespaces.py +22 -22
reconcile/openshift_network_policies.py +4 -8
reconcile/openshift_prometheus_rules.py +43 -0
reconcile/openshift_resourcequotas.py +2 -16
reconcile/openshift_resources.py +12 -10
reconcile/openshift_resources_base.py +304 -328
reconcile/openshift_rolebindings.py +18 -20
reconcile/openshift_saas_deploy.py +105 -21
reconcile/openshift_saas_deploy_change_tester.py +30 -35
reconcile/openshift_saas_deploy_trigger_base.py +39 -36
reconcile/openshift_saas_deploy_trigger_cleaner.py +41 -27
reconcile/openshift_saas_deploy_trigger_configs.py +1 -2
reconcile/openshift_saas_deploy_trigger_images.py +1 -2
reconcile/openshift_saas_deploy_trigger_moving_commits.py +1 -2
reconcile/openshift_saas_deploy_trigger_upstream_jobs.py +1 -2
reconcile/openshift_serviceaccount_tokens.py +138 -74
reconcile/openshift_tekton_resources.py +89 -24
reconcile/openshift_upgrade_watcher.py +110 -62
reconcile/openshift_users.py +16 -15
reconcile/openshift_vault_secrets.py +11 -6
reconcile/oum/__init__.py +0 -0
reconcile/oum/base.py +387 -0
reconcile/oum/labelset.py +55 -0
reconcile/oum/metrics.py +71 -0
reconcile/oum/models.py +69 -0
reconcile/oum/providers.py +59 -0
reconcile/oum/standalone.py +196 -0
reconcile/prometheus_rules_tester/integration.py +31 -23
reconcile/quay_base.py +4 -1
reconcile/quay_membership.py +1 -2
reconcile/quay_mirror.py +111 -61
reconcile/quay_mirror_org.py +34 -21
reconcile/quay_permissions.py +7 -3
reconcile/quay_repos.py +24 -32
reconcile/queries.py +263 -198
reconcile/query_validator.py +3 -5
reconcile/resource_scraper.py +3 -4
reconcile/{template_tester.py → resource_template_tester.py} +3 -3
reconcile/rhidp/__init__.py +0 -0
reconcile/rhidp/common.py +214 -0
reconcile/rhidp/metrics.py +20 -0
reconcile/rhidp/ocm_oidc_idp/__init__.py +0 -0
reconcile/rhidp/ocm_oidc_idp/base.py +221 -0
reconcile/rhidp/ocm_oidc_idp/integration.py +56 -0
reconcile/rhidp/ocm_oidc_idp/metrics.py +22 -0
reconcile/rhidp/sso_client/__init__.py +0 -0
reconcile/rhidp/sso_client/base.py +266 -0
reconcile/rhidp/sso_client/integration.py +60 -0
reconcile/rhidp/sso_client/metrics.py +39 -0
reconcile/run_integration.py +293 -0
reconcile/saas_auto_promotions_manager/integration.py +69 -24
reconcile/saas_auto_promotions_manager/merge_request_manager/batcher.py +208 -0
reconcile/saas_auto_promotions_manager/merge_request_manager/desired_state.py +28 -0
reconcile/saas_auto_promotions_manager/merge_request_manager/merge_request.py +3 -4
reconcile/saas_auto_promotions_manager/merge_request_manager/merge_request_manager_v2.py +172 -0
reconcile/saas_auto_promotions_manager/merge_request_manager/metrics.py +42 -0
reconcile/saas_auto_promotions_manager/merge_request_manager/mr_parser.py +226 -0
reconcile/saas_auto_promotions_manager/merge_request_manager/open_merge_requests.py +23 -0
reconcile/saas_auto_promotions_manager/merge_request_manager/renderer.py +108 -32
reconcile/saas_auto_promotions_manager/meta.py +4 -0
reconcile/saas_auto_promotions_manager/publisher.py +32 -4
reconcile/saas_auto_promotions_manager/s3_exporter.py +77 -0
reconcile/saas_auto_promotions_manager/subscriber.py +110 -23
reconcile/saas_auto_promotions_manager/utils/saas_files_inventory.py +48 -41
reconcile/saas_file_validator.py +16 -6
reconcile/sendgrid_teammates.py +27 -12
reconcile/service_dependencies.py +0 -3
reconcile/signalfx_endpoint_monitoring.py +2 -5
reconcile/skupper_network/integration.py +10 -11
reconcile/skupper_network/models.py +3 -5
reconcile/skupper_network/reconciler.py +28 -35
reconcile/skupper_network/site_controller.py +8 -8
reconcile/slack_base.py +4 -7
reconcile/slack_usergroups.py +249 -171
reconcile/sql_query.py +324 -171
reconcile/status.py +0 -1
reconcile/status_board.py +275 -0
reconcile/statuspage/__init__.py +0 -5
reconcile/statuspage/atlassian.py +219 -80
reconcile/statuspage/integration.py +9 -97
reconcile/statuspage/integrations/__init__.py +0 -0
reconcile/statuspage/integrations/components.py +77 -0
reconcile/statuspage/integrations/maintenances.py +111 -0
reconcile/statuspage/page.py +107 -72
reconcile/statuspage/state.py +6 -11
reconcile/statuspage/status.py +8 -12
reconcile/templates/rosa-classic-cluster-creation.sh.j2 +60 -0
reconcile/templates/rosa-hcp-cluster-creation.sh.j2 +61 -0
reconcile/templating/__init__.py +0 -0
reconcile/templating/lib/__init__.py +0 -0
reconcile/templating/lib/merge_request_manager.py +180 -0
reconcile/templating/lib/model.py +20 -0
reconcile/templating/lib/rendering.py +191 -0
reconcile/templating/renderer.py +410 -0
reconcile/templating/validator.py +153 -0
reconcile/terraform_aws_route53.py +13 -10
reconcile/terraform_cloudflare_dns.py +92 -122
reconcile/terraform_cloudflare_resources.py +15 -13
reconcile/terraform_cloudflare_users.py +27 -27
reconcile/terraform_init/__init__.py +0 -0
reconcile/terraform_init/integration.py +165 -0
reconcile/terraform_init/merge_request.py +57 -0
reconcile/terraform_init/merge_request_manager.py +102 -0
reconcile/terraform_repo.py +403 -0
reconcile/terraform_resources.py +266 -168
reconcile/terraform_tgw_attachments.py +417 -167
reconcile/terraform_users.py +40 -17
reconcile/terraform_vpc_peerings.py +310 -142
reconcile/terraform_vpc_resources/__init__.py +0 -0
reconcile/terraform_vpc_resources/integration.py +220 -0
reconcile/terraform_vpc_resources/merge_request.py +57 -0
reconcile/terraform_vpc_resources/merge_request_manager.py +107 -0
reconcile/typed_queries/alerting_services_settings.py +1 -2
reconcile/typed_queries/app_interface_custom_messages.py +24 -0
reconcile/typed_queries/app_interface_deadmanssnitch_settings.py +17 -0
reconcile/typed_queries/app_interface_metrics_exporter/__init__.py +0 -0
reconcile/typed_queries/app_interface_metrics_exporter/onboarding_status.py +13 -0
reconcile/typed_queries/app_interface_repo_url.py +1 -2
reconcile/typed_queries/app_interface_state_settings.py +1 -3
reconcile/typed_queries/app_interface_vault_settings.py +1 -2
reconcile/typed_queries/app_quay_repos_escalation_policies.py +14 -0
reconcile/typed_queries/apps.py +11 -0
reconcile/typed_queries/aws_vpc_requests.py +9 -0
reconcile/typed_queries/aws_vpcs.py +12 -0
reconcile/typed_queries/cloudflare.py +10 -0
reconcile/typed_queries/clusters.py +7 -5
reconcile/typed_queries/clusters_minimal.py +6 -5
reconcile/typed_queries/clusters_with_dms.py +16 -0
reconcile/typed_queries/cost_report/__init__.py +0 -0
reconcile/typed_queries/cost_report/app_names.py +22 -0
reconcile/typed_queries/cost_report/cost_namespaces.py +43 -0
reconcile/typed_queries/cost_report/settings.py +15 -0
reconcile/typed_queries/dynatrace.py +10 -0
reconcile/typed_queries/dynatrace_environments.py +14 -0
reconcile/typed_queries/dynatrace_token_provider_token_specs.py +14 -0
reconcile/typed_queries/external_resources.py +46 -0
reconcile/typed_queries/get_state_aws_account.py +20 -0
reconcile/typed_queries/glitchtip.py +10 -0
reconcile/typed_queries/jenkins.py +25 -0
reconcile/typed_queries/jira.py +7 -0
reconcile/typed_queries/jira_settings.py +16 -0
reconcile/typed_queries/jiralert_settings.py +22 -0
reconcile/typed_queries/ocm.py +8 -0
reconcile/typed_queries/pagerduty_instances.py +2 -7
reconcile/typed_queries/quay.py +23 -0
reconcile/typed_queries/repos.py +20 -8
reconcile/typed_queries/reserved_networks.py +12 -0
reconcile/typed_queries/saas_files.py +221 -167
reconcile/typed_queries/slack.py +7 -0
reconcile/typed_queries/slo_documents.py +12 -0
reconcile/typed_queries/status_board.py +58 -0
reconcile/typed_queries/tekton_pipeline_providers.py +1 -2
reconcile/typed_queries/terraform_namespaces.py +1 -2
reconcile/typed_queries/terraform_tgw_attachments/__init__.py +0 -0
reconcile/typed_queries/terraform_tgw_attachments/aws_accounts.py +16 -0
reconcile/typed_queries/unleash.py +10 -0
reconcile/typed_queries/users.py +11 -0
reconcile/typed_queries/vault.py +10 -0
reconcile/unleash_feature_toggles/__init__.py +0 -0
reconcile/unleash_feature_toggles/integration.py +287 -0
reconcile/utils/acs/__init__.py +0 -0
reconcile/utils/acs/base.py +81 -0
reconcile/utils/acs/notifiers.py +143 -0
reconcile/utils/acs/policies.py +163 -0
reconcile/utils/acs/rbac.py +277 -0
reconcile/utils/aggregated_list.py +11 -9
reconcile/utils/amtool.py +6 -4
reconcile/utils/aws_api.py +279 -66
reconcile/utils/aws_api_typed/__init__.py +0 -0
reconcile/utils/aws_api_typed/account.py +23 -0
reconcile/utils/aws_api_typed/api.py +273 -0
reconcile/utils/aws_api_typed/dynamodb.py +16 -0
reconcile/utils/aws_api_typed/iam.py +67 -0
reconcile/utils/aws_api_typed/organization.py +152 -0
reconcile/utils/aws_api_typed/s3.py +26 -0
reconcile/utils/aws_api_typed/service_quotas.py +79 -0
reconcile/utils/aws_api_typed/sts.py +36 -0
reconcile/utils/aws_api_typed/support.py +79 -0
reconcile/utils/aws_helper.py +42 -3
reconcile/utils/batches.py +11 -0
reconcile/utils/binary.py +7 -9
reconcile/utils/cloud_resource_best_practice/__init__.py +0 -0
reconcile/utils/cloud_resource_best_practice/aws_rds.py +66 -0
reconcile/utils/clusterhealth/__init__.py +0 -0
reconcile/utils/clusterhealth/providerbase.py +39 -0
reconcile/utils/clusterhealth/telemeter.py +39 -0
reconcile/utils/config.py +3 -4
reconcile/utils/deadmanssnitch_api.py +86 -0
reconcile/utils/differ.py +205 -0
reconcile/utils/disabled_integrations.py +4 -6
reconcile/utils/dynatrace/__init__.py +0 -0
reconcile/utils/dynatrace/client.py +93 -0
reconcile/utils/early_exit_cache.py +289 -0
reconcile/utils/elasticsearch_exceptions.py +5 -0
reconcile/utils/environ.py +2 -2
reconcile/utils/exceptions.py +4 -0
reconcile/utils/expiration.py +4 -8
reconcile/utils/extended_early_exit.py +210 -0
reconcile/utils/external_resource_spec.py +34 -12
reconcile/utils/external_resources.py +48 -20
reconcile/utils/filtering.py +16 -0
reconcile/utils/git.py +49 -16
reconcile/utils/github_api.py +10 -9
reconcile/utils/gitlab_api.py +333 -190
reconcile/utils/glitchtip/client.py +97 -100
reconcile/utils/glitchtip/models.py +89 -11
reconcile/utils/gql.py +157 -58
reconcile/utils/grouping.py +17 -0
reconcile/utils/helm.py +89 -18
reconcile/utils/helpers.py +51 -0
reconcile/utils/imap_client.py +5 -6
reconcile/utils/internal_groups/__init__.py +0 -0
reconcile/utils/internal_groups/client.py +160 -0
reconcile/utils/internal_groups/models.py +71 -0
reconcile/utils/jenkins_api.py +10 -34
reconcile/utils/jinja2/__init__.py +0 -0
reconcile/utils/{jinja2_ext.py → jinja2/extensions.py} +6 -4
reconcile/utils/jinja2/filters.py +142 -0
reconcile/utils/jinja2/utils.py +278 -0
reconcile/utils/jira_client.py +165 -8
reconcile/utils/jjb_client.py +47 -35
reconcile/utils/jobcontroller/__init__.py +0 -0
reconcile/utils/jobcontroller/controller.py +413 -0
reconcile/utils/jobcontroller/models.py +195 -0
reconcile/utils/jsonpath.py +4 -5
reconcile/utils/jump_host.py +13 -12
reconcile/utils/keycloak.py +106 -0
reconcile/utils/ldap_client.py +35 -6
reconcile/utils/lean_terraform_client.py +115 -6
reconcile/utils/membershipsources/__init__.py +0 -0
reconcile/utils/membershipsources/app_interface_resolver.py +60 -0
reconcile/utils/membershipsources/models.py +91 -0
reconcile/utils/membershipsources/resolver.py +110 -0
reconcile/utils/merge_request_manager/__init__.py +0 -0
reconcile/utils/merge_request_manager/merge_request_manager.py +99 -0
reconcile/utils/merge_request_manager/parser.py +67 -0
reconcile/utils/metrics.py +511 -1
reconcile/utils/models.py +123 -0
reconcile/utils/mr/README.md +198 -0
reconcile/utils/mr/__init__.py +14 -10
reconcile/utils/mr/app_interface_reporter.py +2 -2
reconcile/utils/mr/aws_access.py +4 -4
reconcile/utils/mr/base.py +51 -31
reconcile/utils/mr/clusters_updates.py +10 -7
reconcile/utils/mr/glitchtip_access_reporter.py +2 -4
reconcile/utils/mr/labels.py +14 -1
reconcile/utils/mr/notificator.py +1 -3
reconcile/utils/mr/ocm_update_recommended_version.py +1 -2
reconcile/utils/mr/ocm_upgrade_scheduler_org_updates.py +7 -3
reconcile/utils/mr/promote_qontract.py +203 -0
reconcile/utils/mr/user_maintenance.py +24 -4
reconcile/utils/oauth2_backend_application_session.py +132 -0
reconcile/utils/oc.py +194 -170
reconcile/utils/oc_connection_parameters.py +40 -51
reconcile/utils/oc_filters.py +11 -13
reconcile/utils/oc_map.py +14 -35
reconcile/utils/ocm/__init__.py +30 -1
reconcile/utils/ocm/addons.py +228 -0
reconcile/utils/ocm/base.py +618 -5
reconcile/utils/ocm/cluster_groups.py +5 -56
reconcile/utils/ocm/clusters.py +111 -99
reconcile/utils/ocm/identity_providers.py +66 -0
reconcile/utils/ocm/label_sources.py +75 -0
reconcile/utils/ocm/labels.py +139 -54
reconcile/utils/ocm/manifests.py +39 -0
reconcile/utils/ocm/ocm.py +182 -928
reconcile/utils/ocm/products.py +758 -0
reconcile/utils/ocm/search_filters.py +20 -28
reconcile/utils/ocm/service_log.py +32 -79
reconcile/utils/ocm/sre_capability_labels.py +51 -0
reconcile/utils/ocm/status_board.py +66 -0
reconcile/utils/ocm/subscriptions.py +49 -59
reconcile/utils/ocm/syncsets.py +39 -0
reconcile/utils/ocm/upgrades.py +181 -0
reconcile/utils/ocm_base_client.py +71 -36
reconcile/utils/openshift_resource.py +113 -67
reconcile/utils/output.py +18 -11
reconcile/utils/pagerduty_api.py +16 -10
reconcile/utils/parse_dhms_duration.py +13 -1
reconcile/utils/prometheus.py +123 -0
reconcile/utils/promotion_state.py +56 -19
reconcile/utils/promtool.py +5 -8
reconcile/utils/quay_api.py +13 -25
reconcile/utils/raw_github_api.py +3 -5
reconcile/utils/repo_owners.py +2 -8
reconcile/utils/rest_api_base.py +126 -0
reconcile/utils/rosa/__init__.py +0 -0
reconcile/utils/rosa/rosa_cli.py +310 -0
reconcile/utils/rosa/session.py +201 -0
reconcile/utils/ruamel.py +16 -0
reconcile/utils/runtime/__init__.py +0 -1
reconcile/utils/runtime/desired_state_diff.py +9 -20
reconcile/utils/runtime/environment.py +33 -8
reconcile/utils/runtime/integration.py +28 -12
reconcile/utils/runtime/meta.py +1 -3
reconcile/utils/runtime/runner.py +8 -11
reconcile/utils/runtime/sharding.py +93 -36
reconcile/utils/saasherder/__init__.py +1 -1
reconcile/utils/saasherder/interfaces.py +143 -138
reconcile/utils/saasherder/models.py +201 -43
reconcile/utils/saasherder/saasherder.py +508 -378
reconcile/utils/secret_reader.py +22 -27
reconcile/utils/semver_helper.py +15 -1
reconcile/utils/slack_api.py +124 -36
reconcile/utils/smtp_client.py +1 -2
reconcile/utils/sqs_gateway.py +10 -6
reconcile/utils/state.py +276 -127
reconcile/utils/terraform/config_client.py +6 -7
reconcile/utils/terraform_client.py +284 -125
reconcile/utils/terrascript/cloudflare_client.py +38 -17
reconcile/utils/terrascript/cloudflare_resources.py +67 -18
reconcile/utils/terrascript/models.py +2 -3
reconcile/utils/terrascript/resources.py +1 -2
reconcile/utils/terrascript_aws_client.py +1292 -540
reconcile/utils/three_way_diff_strategy.py +157 -0
reconcile/utils/unleash/__init__.py +11 -0
reconcile/utils/{unleash.py → unleash/client.py} +35 -29
reconcile/utils/unleash/server.py +145 -0
reconcile/utils/vault.py +42 -32
reconcile/utils/vaultsecretref.py +2 -4
reconcile/utils/vcs.py +250 -0
reconcile/vault_replication.py +38 -31
reconcile/vpc_peerings_validator.py +82 -13
tools/app_interface_metrics_exporter.py +70 -0
tools/app_interface_reporter.py +44 -157
tools/cli_commands/container_images_report.py +154 -0
tools/cli_commands/cost_report/__init__.py +0 -0
tools/cli_commands/cost_report/aws.py +137 -0
tools/cli_commands/cost_report/cost_management_api.py +155 -0
tools/cli_commands/cost_report/model.py +49 -0
tools/cli_commands/cost_report/openshift.py +166 -0
tools/cli_commands/cost_report/openshift_cost_optimization.py +187 -0
tools/cli_commands/cost_report/response.py +124 -0
tools/cli_commands/cost_report/util.py +72 -0
tools/cli_commands/cost_report/view.py +524 -0
tools/cli_commands/erv2.py +620 -0
tools/cli_commands/gpg_encrypt.py +5 -8
tools/cli_commands/systems_and_tools.py +489 -0
tools/glitchtip_access_revalidation.py +1 -1
tools/qontract_cli.py +2301 -673
tools/saas_metrics_exporter/__init__.py +0 -0
tools/saas_metrics_exporter/commit_distance/__init__.py +0 -0
tools/saas_metrics_exporter/commit_distance/channel.py +63 -0
tools/saas_metrics_exporter/commit_distance/commit_distance.py +103 -0
tools/saas_metrics_exporter/commit_distance/metrics.py +19 -0
tools/saas_metrics_exporter/main.py +99 -0
tools/saas_promotion_state/__init__.py +0 -0
tools/saas_promotion_state/saas_promotion_state.py +105 -0
tools/sd_app_sre_alert_report.py +145 -0
tools/template_validation.py +107 -0
e2e_tests/cli.py +0 -83
e2e_tests/create_namespace.py +0 -43
e2e_tests/dedicated_admin_rolebindings.py +0 -44
e2e_tests/dedicated_admin_test_base.py +0 -39
e2e_tests/default_network_policies.py +0 -47
e2e_tests/default_project_labels.py +0 -52
e2e_tests/network_policy_test_base.py +0 -17
e2e_tests/test_base.py +0 -56
qontract_reconcile-0.10.0.dist-info/LICENSE +0 -201
qontract_reconcile-0.10.0.dist-info/METADATA +0 -63
qontract_reconcile-0.10.0.dist-info/RECORD +0 -586
qontract_reconcile-0.10.0.dist-info/top_level.txt +0 -4
reconcile/ecr_mirror.py +0 -152
reconcile/github_scanner.py +0 -74
reconcile/gitlab_integrations.py +0 -63
reconcile/gql_definitions/ocm_oidc_idp/clusters.py +0 -195
reconcile/gql_definitions/ocp_release_mirror/ocp_release_mirror.py +0 -287
reconcile/integrations_validator.py +0 -18
reconcile/jenkins_plugins.py +0 -129
reconcile/kafka_clusters.py +0 -208
reconcile/ocm_cluster_admin.py +0 -42
reconcile/ocm_oidc_idp.py +0 -198
reconcile/ocp_release_mirror.py +0 -373
reconcile/prometheus_rules_tester_old.py +0 -436
reconcile/saas_auto_promotions_manager/merge_request_manager/merge_request_manager.py +0 -279
reconcile/saas_auto_promotions_manager/utils/vcs.py +0 -141
reconcile/sentry_config.py +0 -613
reconcile/sentry_helper.py +0 -69
reconcile/test/conftest.py +0 -187
reconcile/test/fixtures.py +0 -24
reconcile/test/saas_auto_promotions_manager/conftest.py +0 -69
reconcile/test/saas_auto_promotions_manager/merge_request_manager/merge_request_manager/conftest.py +0 -110
reconcile/test/saas_auto_promotions_manager/merge_request_manager/merge_request_manager/data_keys.py +0 -10
reconcile/test/saas_auto_promotions_manager/merge_request_manager/merge_request_manager/test_housekeeping.py +0 -200
reconcile/test/saas_auto_promotions_manager/merge_request_manager/merge_request_manager/test_merge_request_manager.py +0 -151
reconcile/test/saas_auto_promotions_manager/merge_request_manager/renderer/conftest.py +0 -63
reconcile/test/saas_auto_promotions_manager/merge_request_manager/renderer/data_keys.py +0 -4
reconcile/test/saas_auto_promotions_manager/merge_request_manager/renderer/test_content_multiple_namespaces.py +0 -46
reconcile/test/saas_auto_promotions_manager/merge_request_manager/renderer/test_content_single_namespace.py +0 -94
reconcile/test/saas_auto_promotions_manager/merge_request_manager/renderer/test_content_single_target.py +0 -44
reconcile/test/saas_auto_promotions_manager/subscriber/conftest.py +0 -74
reconcile/test/saas_auto_promotions_manager/subscriber/data_keys.py +0 -11
reconcile/test/saas_auto_promotions_manager/subscriber/test_content_hash.py +0 -155
reconcile/test/saas_auto_promotions_manager/subscriber/test_diff.py +0 -173
reconcile/test/saas_auto_promotions_manager/subscriber/test_multiple_channels_config_hash.py +0 -226
reconcile/test/saas_auto_promotions_manager/subscriber/test_multiple_channels_moving_ref.py +0 -224
reconcile/test/saas_auto_promotions_manager/subscriber/test_single_channel_with_single_publisher.py +0 -350
reconcile/test/saas_auto_promotions_manager/test_integration_test.py +0 -129
reconcile/test/saas_auto_promotions_manager/utils/saas_files_inventory/test_multiple_publishers_for_single_channel.py +0 -70
reconcile/test/saas_auto_promotions_manager/utils/saas_files_inventory/test_saas_files_use_target_config_hash.py +0 -63
reconcile/test/saas_auto_promotions_manager/utils/saas_files_inventory/test_saas_files_with_auto_promote.py +0 -74
reconcile/test/saas_auto_promotions_manager/utils/saas_files_inventory/test_saas_files_without_auto_promote.py +0 -65
reconcile/test/test_aggregated_list.py +0 -237
reconcile/test/test_amtool.py +0 -37
reconcile/test/test_auto_promoter.py +0 -295
reconcile/test/test_aws_ami_share.py +0 -68
reconcile/test/test_aws_iam_keys.py +0 -70
reconcile/test/test_aws_iam_password_reset.py +0 -35
reconcile/test/test_aws_support_cases_sos.py +0 -23
reconcile/test/test_checkpoint.py +0 -178
reconcile/test/test_cli.py +0 -41
reconcile/test/test_closedbox_endpoint_monitoring.py +0 -207
reconcile/test/test_gabi_authorized_users.py +0 -72
reconcile/test/test_github_org.py +0 -154
reconcile/test/test_github_repo_invites.py +0 -123
reconcile/test/test_gitlab_housekeeping.py +0 -88
reconcile/test/test_gitlab_labeler.py +0 -129
reconcile/test/test_gitlab_members.py +0 -283
reconcile/test/test_instrumented_wrappers.py +0 -18
reconcile/test/test_integrations_manager.py +0 -995
reconcile/test/test_jenkins_worker_fleets.py +0 -55
reconcile/test/test_jump_host.py +0 -117
reconcile/test/test_ldap_users.py +0 -123
reconcile/test/test_make.py +0 -28
reconcile/test/test_ocm_additional_routers.py +0 -134
reconcile/test/test_ocm_addons_upgrade_scheduler_org.py +0 -149
reconcile/test/test_ocm_clusters.py +0 -598
reconcile/test/test_ocm_clusters_manifest_updates.py +0 -89
reconcile/test/test_ocm_oidc_idp.py +0 -315
reconcile/test/test_ocm_update_recommended_version.py +0 -145
reconcile/test/test_ocm_upgrade_scheduler.py +0 -614
reconcile/test/test_ocm_upgrade_scheduler_org_updater.py +0 -129
reconcile/test/test_openshift_base.py +0 -730
reconcile/test/test_openshift_namespace_labels.py +0 -345
reconcile/test/test_openshift_namespaces.py +0 -256
reconcile/test/test_openshift_resource.py +0 -415
reconcile/test/test_openshift_resources_base.py +0 -440
reconcile/test/test_openshift_saas_deploy_change_tester.py +0 -310
reconcile/test/test_openshift_tekton_resources.py +0 -253
reconcile/test/test_openshift_upgrade_watcher.py +0 -146
reconcile/test/test_prometheus_rules_tester.py +0 -151
reconcile/test/test_prometheus_rules_tester_old.py +0 -77
reconcile/test/test_quay_membership.py +0 -86
reconcile/test/test_quay_mirror.py +0 -109
reconcile/test/test_quay_mirror_org.py +0 -70
reconcile/test/test_quay_repos.py +0 -59
reconcile/test/test_queries.py +0 -53
reconcile/test/test_repo_owners.py +0 -47
reconcile/test/test_requests_sender.py +0 -139
reconcile/test/test_saasherder.py +0 -1074
reconcile/test/test_saasherder_allowed_secret_paths.py +0 -127
reconcile/test/test_secret_reader.py +0 -153
reconcile/test/test_slack_base.py +0 -185
reconcile/test/test_slack_usergroups.py +0 -744
reconcile/test/test_sql_query.py +0 -19
reconcile/test/test_terraform_cloudflare_dns.py +0 -117
reconcile/test/test_terraform_cloudflare_resources.py +0 -106
reconcile/test/test_terraform_cloudflare_users.py +0 -749
reconcile/test/test_terraform_resources.py +0 -257
reconcile/test/test_terraform_tgw_attachments.py +0 -631
reconcile/test/test_terraform_users.py +0 -57
reconcile/test/test_terraform_vpc_peerings.py +0 -499
reconcile/test/test_terraform_vpc_peerings_build_desired_state.py +0 -1061
reconcile/test/test_unleash.py +0 -138
reconcile/test/test_utils_aws_api.py +0 -240
reconcile/test/test_utils_aws_helper.py +0 -80
reconcile/test/test_utils_cluster_version_data.py +0 -177
reconcile/test/test_utils_data_structures.py +0 -13
reconcile/test/test_utils_disabled_integrations.py +0 -86
reconcile/test/test_utils_expiration.py +0 -109
reconcile/test/test_utils_external_resource_spec.py +0 -383
reconcile/test/test_utils_external_resources.py +0 -247
reconcile/test/test_utils_github_api.py +0 -73
reconcile/test/test_utils_gitlab_api.py +0 -20
reconcile/test/test_utils_gpg.py +0 -69
reconcile/test/test_utils_gql.py +0 -81
reconcile/test/test_utils_helm.py +0 -306
reconcile/test/test_utils_helpers.py +0 -55
reconcile/test/test_utils_imap_client.py +0 -65
reconcile/test/test_utils_jjb_client.py +0 -52
reconcile/test/test_utils_jsonpath.py +0 -286
reconcile/test/test_utils_ldap_client.py +0 -51
reconcile/test/test_utils_mr.py +0 -226
reconcile/test/test_utils_mr_clusters_updates.py +0 -77
reconcile/test/test_utils_oc.py +0 -984
reconcile/test/test_utils_ocm.py +0 -110
reconcile/test/test_utils_pagerduty_api.py +0 -251
reconcile/test/test_utils_parse_dhms_duration.py +0 -34
reconcile/test/test_utils_password_validator.py +0 -155
reconcile/test/test_utils_quay_api.py +0 -86
reconcile/test/test_utils_semver_helper.py +0 -19
reconcile/test/test_utils_sharding.py +0 -56
reconcile/test/test_utils_slack_api.py +0 -439
reconcile/test/test_utils_smtp_client.py +0 -73
reconcile/test/test_utils_state.py +0 -256
reconcile/test/test_utils_terraform.py +0 -13
reconcile/test/test_utils_terraform_client.py +0 -585
reconcile/test/test_utils_terraform_config_client.py +0 -219
reconcile/test/test_utils_terrascript_aws_client.py +0 -277
reconcile/test/test_utils_terrascript_cloudflare_client.py +0 -597
reconcile/test/test_utils_terrascript_cloudflare_resources.py +0 -26
reconcile/test/test_vault_replication.py +0 -515
reconcile/test/test_vault_utils.py +0 -47
reconcile/test/test_version_bump.py +0 -18
reconcile/test/test_vpc_peerings_validator.py +0 -103
reconcile/test/test_wrong_region.py +0 -78
reconcile/typed_queries/glitchtip_settings.py +0 -18
reconcile/typed_queries/ocp_release_mirror.py +0 -11
reconcile/unleash_watcher.py +0 -120
reconcile/utils/git_secrets.py +0 -63
reconcile/utils/mr/auto_promoter.py +0 -218
reconcile/utils/sentry_client.py +0 -383
release/test_version.py +0 -50
release/version.py +0 -100
tools/test/test_qontract_cli.py +0 -60
tools/test/test_sre_checkpoints.py +0 -79
/e2e_tests/__init__.py → /reconcile/aus/upgrades.py +0 -0
/reconcile/{gql_definitions/ocp_release_mirror → aws_account_manager}/__init__.py +0 -0
/reconcile/{test → aws_ami_cleanup}/__init__.py +0 -0
/reconcile/{test/saas_auto_promotions_manager → aws_cloudwatch_log_retention}/__init__.py +0 -0
/reconcile/{test/saas_auto_promotions_manager/merge_request_manager → aws_saml_idp}/__init__.py +0 -0
/reconcile/{test/saas_auto_promotions_manager/merge_request_manager/merge_request_manager → aws_saml_roles}/__init__.py +0 -0
/reconcile/{test/saas_auto_promotions_manager/merge_request_manager/renderer → aws_version_sync}/__init__.py +0 -0
/reconcile/{test/saas_auto_promotions_manager/subscriber → aws_version_sync/merge_request_manager}/__init__.py +0 -0
/reconcile/{test/saas_auto_promotions_manager/utils → cluster_auth_rhidp}/__init__.py +0 -0
/reconcile/{test/saas_auto_promotions_manager/utils/saas_files_inventory → dynatrace_token_provider}/__init__.py +0 -0
{release → reconcile/endpoints_discovery}/__init__.py +0 -0
{tools/test → reconcile/external_resources}/__init__.py +0 -0

reconcile/aus/advanced_upgrade_service.py CHANGED Viewed

@@ -1,25 +1,638 @@
+import logging
+from collections import defaultdict
+from datetime import timedelta
 from typing import Optional
-from reconcile.aus.models import OrganizationUpgradeSpec
+from pydantic import (
+    BaseModel,
+    Field,
+    ValidationError,
+    validator,
+)
+from pydantic.dataclasses import dataclass
+from reconcile.aus.healthchecks import (
+    AUSClusterHealthCheckProvider,
+    build_cluster_health_providers_for_organization,
+)
+from reconcile.aus.metrics import AUSOCMEnvironmentError
+from reconcile.aus.models import (
+    ClusterUpgradeSpec,
+    NodePoolSpec,
+    OrganizationUpgradeSpec,
+)
+from reconcile.aus.node_pool_spec import (
+    get_node_pool_specs_by_org_cluster,
+)
 from reconcile.aus.ocm_upgrade_scheduler_org import (
     OCMClusterUpgradeSchedulerOrgIntegration,
 )
+from reconcile.gql_definitions.fragments.aus_organization import (
+    AUSOCMOrganization,
+    OpenShiftClusterManagerSectorDependenciesV1,
+    OpenShiftClusterManagerSectorV1,
+    OpenShiftClusterManagerV1_OpenShiftClusterManagerV1,
+    OpenShiftClusterManagerV1_OpenShiftClusterManagerV1_OpenShiftClusterManagerEnvironmentV1,
+)
+from reconcile.gql_definitions.fragments.minimal_ocm_organization import (
+    MinimalOCMOrganization,
+)
 from reconcile.gql_definitions.fragments.ocm_environment import OCMEnvironment
+from reconcile.gql_definitions.fragments.upgrade_policy import (
+    ClusterUpgradePolicyConditionsV1,
+    ClusterUpgradePolicyV1,
+)
+from reconcile.utils import metrics
+from reconcile.utils.clusterhealth.providerbase import ClusterHealthProvider
+from reconcile.utils.models import (
+    CSV,
+    cron_validator,
+)
+from reconcile.utils.ocm.base import (
+    LabelContainer,
+    OCMClusterServiceLogCreateModel,
+    OCMOrganizationLabel,
+    OCMServiceLogSeverity,
+    build_label_container,
+)
+from reconcile.utils.ocm.clusters import (
+    ClusterDetails,
+    discover_clusters_by_labels,
+)
+from reconcile.utils.ocm.labels import (
+    get_org_labels,
+    get_organization_labels,
+    subscription_label_filter,
+)
+from reconcile.utils.ocm.search_filters import Filter
+from reconcile.utils.ocm.service_log import create_service_log
+from reconcile.utils.ocm.sre_capability_labels import (
+    build_labelset,
+    labelset_groupfield,
+    sre_capability_label_key,
+)
+from reconcile.utils.ocm_base_client import (
+    OCMBaseClient,
+    init_ocm_base_client,
+)
 QONTRACT_INTEGRATION = "advanced-upgrade-scheduler"
 class AdvancedUpgradeServiceIntegration(OCMClusterUpgradeSchedulerOrgIntegration):
+    """
+    A flavour of the OCM organization based upgrade scheduler, that uses
+    OCM labels to discover clusters and their upgrade policies.
+    """
     @property
     def name(self) -> str:
         return QONTRACT_INTEGRATION
-    def get_ocm_env_upgrade_specs(
-        self, ocm_env: OCMEnvironment, org_name: Optional[str] = None
+    def get_upgrade_specs(self) -> dict[str, dict[str, OrganizationUpgradeSpec]]:
+        inheritance_network = self.init_version_data_network()
+        envs_org_upgrade_specs: dict[str, dict[str, OrganizationUpgradeSpec]] = {}
+        for ocm_env in self.get_ocm_environments():
+            try:
+                envs_org_upgrade_specs[ocm_env.name] = (
+                    self._build_ocm_env_upgrade_specs(
+                        ocm_env=ocm_env,
+                        inheritance_network=inheritance_network,
+                    )
+                )
+            except Exception as e:
+                logging.exception(
+                    "Failed to get org upgrade specs for OCM environment %s. Skipping. %s",
+                    ocm_env.name,
+                    e,
+                )
+                metrics.inc_counter(
+                    AUSOCMEnvironmentError(
+                        integration=self.name,
+                        ocm_env=ocm_env.name,
+                    )
+                )
+        return envs_org_upgrade_specs
+    def init_version_data_network(self) -> dict["OrgRef", "VersionDataInheritance"]:
+        # collect all version data labels from all OCM environments ...
+        org_to_env: dict[str, OCMEnvironment] = {}
+        labels_by_org: dict[str, list[OCMOrganizationLabel]] = defaultdict(list)
+        for env in self.get_ocm_environments(filter=False):
+            with init_ocm_base_client(env, self.secret_reader) as ocm_api:
+                for label in get_organization_labels(
+                    ocm_api=ocm_api,
+                    filter=Filter().like("key", aus_label_key("version-data.%")),
+                ):
+                    labels_by_org[label.organization_id].append(label)
+                    org_to_env[label.organization_id] = env
+        # ... and build the inheritance network
+        return build_version_data_inheritance_network({
+            OrgRef(
+                org_id=org_id, env_name=org_to_env[org_id].name
+            ): build_label_container(labels)
+            for org_id, labels in labels_by_org.items()
+        })
+    def _build_ocm_env_upgrade_specs(
+        self,
+        ocm_env: OCMEnvironment,
+        inheritance_network: dict["OrgRef", "VersionDataInheritance"],
     ) -> dict[str, OrganizationUpgradeSpec]:
-        return {
-            # todo
-            # discover orgs + clusters via labels
-            # and create OrganizationUpgradeSpec objects
-            # from them
+        organizations = {
+            org.org_id: org for org in self.get_orgs_for_environment(ocm_env)
         }
+        with init_ocm_base_client(ocm_env, self.secret_reader) as ocm_api:
+            clusters_by_org = discover_clusters(
+                ocm_api=ocm_api,
+                org_ids=set(organizations.keys()),
+                ignore_sts_clusters=self.params.ignore_sts_clusters,
+            )
+            labels_by_org = _get_org_labels(
+                ocm_api=ocm_api, org_ids=set(organizations.keys())
+            )
+            node_pool_specs_by_org_cluster = get_node_pool_specs_by_org_cluster(
+                ocm_api, clusters_by_org
+            )
+        cluster_health_providers = self._health_check_providers_for_env(ocm_env.name)
+        return _build_org_upgrade_specs_for_ocm_env(
+            orgs=organizations,
+            clusters_by_org=clusters_by_org,
+            labels_by_org=labels_by_org,
+            inheritance_network={
+                org_ref.org_id: vdi for org_ref, vdi in inheritance_network.items()
+            },
+            cluster_health_providers=cluster_health_providers,
+            node_pool_specs_by_org_cluster=node_pool_specs_by_org_cluster,
+        )
+    def signal_validation_issues(
+        self, dry_run: bool, org_upgrade_spec: OrganizationUpgradeSpec
+    ) -> None:
+        if not dry_run:
+            with init_ocm_base_client(
+                org_upgrade_spec.org.environment, self.secret_reader
+            ) as ocm_api:
+                _signal_validation_issues_for_org(
+                    ocm_api=ocm_api, org_upgrade_spec=org_upgrade_spec
+                )
+    def signal_reconcile_issues(
+        self,
+        dry_run: bool,
+        org_upgrade_spec: OrganizationUpgradeSpec,
+        exception: Exception,
+    ) -> bool:
+        """
+        AUS will not fail on a reconcile issue. If issues should be noticed by an SRE team,
+        alerts based on the metrics in the `reconcile.aus.metrics` module should be set up.
+        The function is an override on the default behaviour to not ignore errors.
+        It returns true to indicate that the exception was properly handled by logging it.
+        Users / org owners will not be notified about the exception via service logs.
+        AppSRE team members will be notified about the exception via the logs.
+        """
+        logging.error(
+            f"Failed to reconcile cluster upgrades in OCM organization {org_upgrade_spec.org.org_id}",
+            exc_info=exception,
+        )
+        return True
+def discover_clusters(
+    ocm_api: OCMBaseClient,
+    org_ids: set[str] | None = None,
+    ignore_sts_clusters: bool = False,
+) -> dict[str, list[ClusterDetails]]:
+    """
+    Discover all clusters that are part of the AUS service.
+    Discovery is driven by OCM cluster labels.
+    """
+    clusters = discover_clusters_by_labels(
+        ocm_api=ocm_api,
+        label_filter=subscription_label_filter().like("key", aus_label_key("%")),
+    )
+    # group by org and filter if org_id is specified
+    clusters_by_org: dict[str, list[ClusterDetails]] = defaultdict(list)
+    for c in clusters:
+        is_sts_cluster = c.ocm_cluster.aws and c.ocm_cluster.aws.sts_enabled
+        passed_sts_filter = not ignore_sts_clusters or not is_sts_cluster
+        passed_ocm_filters = not org_ids or c.organization_id in org_ids
+        if passed_ocm_filters and passed_sts_filter:
+            clusters_by_org[c.organization_id].append(c)
+    return clusters_by_org
+def _get_org_labels(
+    ocm_api: OCMBaseClient, org_ids: set[str] | None
+) -> dict[str, LabelContainer]:
+    """
+    Fetch all AUS OCM org labels from organizations. They hold config
+    parameters like blocked versions etc.
+    The result is a dict with organization IDs as keys and label containers as values.
+    """
+    return get_org_labels(
+        ocm_api=ocm_api,
+        org_ids=org_ids or set(),
+        label_filter=Filter().like("key", aus_label_key("%")),
+    )
+def _build_org_upgrade_specs_for_ocm_env(
+    orgs: dict[str, AUSOCMOrganization],
+    clusters_by_org: dict[str, list[ClusterDetails]],
+    labels_by_org: dict[str, LabelContainer],
+    inheritance_network: dict[str, "VersionDataInheritance"],
+    cluster_health_providers: dict[str, ClusterHealthProvider],
+    node_pool_specs_by_org_cluster: dict[str, dict[str, list[NodePoolSpec]]],
+) -> dict[str, OrganizationUpgradeSpec]:
+    """
+    Builds the cluster upgrade specs for the given OCM environment.
+    The specs are returned grouped by organization.
+    """
+    return {
+        org_id: _build_org_upgrade_spec(
+            org=orgs[org_id],
+            clusters=clusters,
+            org_labels=labels_by_org.get(org_id) or build_label_container(),
+            version_data_inheritance=inheritance_network.get(org_id),
+            cluster_health_provider=build_cluster_health_providers_for_organization(
+                org=orgs[org_id],
+                providers=cluster_health_providers,
+            ),
+            node_pool_specs_by_cluster_id=node_pool_specs_by_org_cluster.get(org_id)
+            or {},
+        )
+        for org_id, clusters in clusters_by_org.items()
+    }
+def aus_label_key(config_atom: str | None = None) -> str:
+    """
+    Generates label keys for aus, compliant with the naming schema defined in
+    https://service.pages.redhat.com/dev-guidelines/docs/sre-capabilities/framework/ocm-labels/
+    """
+    return sre_capability_label_key("aus", config_atom)
+class OrganizationLabelSet(BaseModel):
+    """
+    Parses, represents and validates a set of organization labels for AUS.
+    """
+    blocked_versions: CSV | None = Field(alias=aus_label_key("blocked-versions"))
+    sector_deps: dict[str, CSV] = labelset_groupfield(
+        group_prefix=aus_label_key("sector-deps.")
+    )
+    """
+    Each sector with dependencies is represented as a `sector-deps.<sector-name>` label
+    with a CSV formatted list of dependant sectors. The custom `labelset_groupfield``
+    FieldMeta combined with the CSV field type takes care of grouping and parsing
+    labels into a dict where each sector is a key and their dependencies are the value.
+    """
+    def sector_dependencies(self) -> list[OpenShiftClusterManagerSectorV1]:
+        """
+        Transforms the sector dependencies into the appropriate dataclasses
+        required by the upgrade policy spec.
+        """
+        all_sectors = set()
+        for s, deps in self.sector_deps.items():
+            all_sectors.add(s)
+            all_sectors.update(deps)
+        return [
+            OpenShiftClusterManagerSectorV1(
+                name=s,
+                dependencies=[
+                    OpenShiftClusterManagerSectorDependenciesV1(name=d, ocm=None)
+                    for d in self.sector_deps.get(s, [])
+                ],
+            )
+            for s in all_sectors
+        ]
+def _build_org_upgrade_spec(
+    org: AUSOCMOrganization,
+    clusters: list[ClusterDetails],
+    org_labels: LabelContainer,
+    version_data_inheritance: Optional["VersionDataInheritance"],
+    cluster_health_provider: AUSClusterHealthCheckProvider,
+    node_pool_specs_by_cluster_id: dict[str, list[NodePoolSpec]],
+) -> OrganizationUpgradeSpec:
+    """
+    Build a upgrade policy spec for each cluster in the organization that
+    has a valid set of labels. Clusters without a set of labels are ignored. Clusters
+    with an invalid/incomplete set of labels are reported as an error.
+    """
+    # build version inheritance config
+    inherit_version_data = None
+    if version_data_inheritance and version_data_inheritance.inherit_from_orgs:
+        inherit_version_data = [
+            OpenShiftClusterManagerV1_OpenShiftClusterManagerV1(
+                name=source_org_ref.org_id,
+                orgId=source_org_ref.org_id,
+                environment=OpenShiftClusterManagerV1_OpenShiftClusterManagerV1_OpenShiftClusterManagerEnvironmentV1(
+                    name=source_org_ref.env_name
+                ),
+                publishVersionData=[
+                    MinimalOCMOrganization(orgId=org.org_id, name=org.name)
+                ],
+            )
+            for source_org_ref in version_data_inheritance.inherit_from_orgs
+        ]
+    org_labelset = build_labelset(org_labels, OrganizationLabelSet)
+    final_org = org.copy(deep=True)
+    final_org.blocked_versions = org_labelset.blocked_versions
+    final_org.sectors = org_labelset.sector_dependencies()
+    final_org.inherit_version_data = inherit_version_data
+    org_upgrade_spec = OrganizationUpgradeSpec(org=final_org)
+    # init policy for each cluster
+    for c in clusters:
+        try:
+            upgrade_policy = _build_policy_from_labels(c.labels)
+            cluster_health = cluster_health_provider.cluster_health(
+                cluster_external_id=c.ocm_cluster.external_id, org_id=org.org_id
+            )
+            org_upgrade_spec.add_spec(
+                ClusterUpgradeSpec(
+                    org=org_upgrade_spec.org,
+                    upgradePolicy=upgrade_policy,
+                    cluster=c.ocm_cluster,
+                    health=cluster_health,
+                    nodePools=node_pool_specs_by_cluster_id.get(c.ocm_cluster.id) or [],
+                )
+            )
+        except ValidationError as validation_error:
+            for e in validation_error.errors():
+                org_upgrade_spec.add_cluster_error(
+                    c.ocm_cluster.external_id, f"label {e['loc'][0]}: {e['msg']}"
+                )
+        except Exception as ex:
+            org_upgrade_spec.add_cluster_error(c.ocm_cluster.external_id, str(ex))
+    # register organization errors
+    if (
+        version_data_inheritance
+        and version_data_inheritance.unverified_inheritance_from_orgs
+    ):
+        unverified_org_ids = [
+            org.org_id
+            for org in version_data_inheritance.unverified_inheritance_from_orgs
+        ]
+        org_upgrade_spec.add_organization_error(
+            f"Version data inheritance from organizations {', '.join(sorted(unverified_org_ids))} "
+            f"are unverified. Ask the owner of these organizations to publish version data to the organization ID {org.org_id}. "
+            "See https://source.redhat.com/groups/public/sre/wiki/advanced_upgrade_service_aus"
+        )
+    return org_upgrade_spec
+class ClusterUpgradePolicyLabelSet(BaseModel):
+    """
+    Parses, represents and validates a set of subscription labels for AUS.
+    """
+    soak_days: int = Field(alias=aus_label_key("soak-days"), ge=0)
+    workloads: CSV = Field(alias=aus_label_key("workloads"), csv_min_items=1)
+    schedule: str = Field(alias=aus_label_key("schedule"))
+    mutexes: CSV | None = Field(alias=aus_label_key("mutexes"))
+    sector: str | None = Field(alias=aus_label_key("sector"))
+    blocked_versions: CSV | None = Field(alias=aus_label_key("blocked-versions"))
+    version_gate_approvals: CSV | None = Field(
+        alias=aus_label_key("version-gate-approvals")
+    )
+    _schedule_validator = validator("schedule", allow_reuse=True)(cron_validator)
+    def build_labels_dict(self) -> dict[str, str]:
+        """
+        Build a dictionary of all labels in this labelset.
+        """
+        labels = {}
+        for k, v in self.dict(by_alias=True).items():
+            if v is None:
+                continue
+            if isinstance(v, list):
+                labels[k] = ",".join(sorted(v))
+            else:
+                labels[k] = str(v)
+        return labels
+def build_cluster_upgrade_policy_label_set(
+    workloads: list[str],
+    schedule: str,
+    soak_days: int,
+    mutexes: list[str] | None = None,
+    sector: str | None = None,
+    blocked_versions: list[str] | None = None,
+    version_gate_approvals: list[str] | None = None,
+) -> ClusterUpgradePolicyLabelSet:
+    return ClusterUpgradePolicyLabelSet(**{
+        aus_label_key("workloads"): ",".join(workloads),
+        aus_label_key("schedule"): schedule,
+        aus_label_key("soak-days"): soak_days,
+        aus_label_key("mutexes"): ",".join(mutexes) if mutexes else None,
+        aus_label_key("sector"): sector,
+        aus_label_key("blocked-versions"): ",".join(blocked_versions)
+        if blocked_versions
+        else None,
+        aus_label_key("version-gate-approvals"): ",".join(version_gate_approvals)
+        if version_gate_approvals
+        else None,
+    })
+def _build_policy_from_labels(labels: LabelContainer) -> ClusterUpgradePolicyV1:
+    """
+    Build a cluster upgrade policy object from a set of OCM labels. Parsing
+    and validation of the labels is delegated to the pydantic dataclass
+    ClusterUpgradePolicyLabelSet.
+    """
+    policy_labelset = build_labelset(labels, ClusterUpgradePolicyLabelSet)
+    return ClusterUpgradePolicyV1(
+        workloads=policy_labelset.workloads,
+        versionGateApprovals=policy_labelset.version_gate_approvals,
+        schedule=policy_labelset.schedule,
+        conditions=ClusterUpgradePolicyConditionsV1(
+            soakDays=policy_labelset.soak_days,
+            mutexes=policy_labelset.mutexes,
+            sector=policy_labelset.sector,
+            blockedVersions=policy_labelset.blocked_versions,
+        ),
+    )
+class VersionDataInheritanceLabelSet(BaseModel):
+    inherit_version_data: CSV | None = Field(
+        alias=aus_label_key("version-data.inherit")
+    )
+    """
+    A list of OCM organization IDs to inherit version data from. These organization also need
+    to publish their version data via the `publish-version-data` label to the inheriting version.
+    Version data publishing/inheritance can also be defined between OCM environments.
+    """
+    publish_version_data: CSV | None = Field(
+        alias=aus_label_key("version-data.publish")
+    )
+    """
+    A list of OCM organization IDs to publish version data to. These organization also need
+    to explicitely inherit version data via the `inherit-version-data` label from this organization.
+    Version data publishing/inheritance can also be defined between OCM environments.
+    """
+@dataclass(frozen=True, eq=True)
+class OrgRef:
+    org_id: str
+    env_name: str
+class VersionDataInheritance(BaseModel):
+    org_id: str
+    inherit_from_orgs: set[OrgRef]
+    unverified_inheritance_from_orgs: set[OrgRef]
+def build_version_data_inheritance_network(
+    labels_per_org: dict[OrgRef, LabelContainer],
+) -> dict[OrgRef, VersionDataInheritance]:
+    """
+    Validates publish/inherit relationships between OCM organizations and environments from the
+    provided label containers.
+    This function returns a dictionary of OCM organizations and their version data
+    inheritance relationships.
+    """
+    label_set_per_org = {
+        org_ref: build_labelset(labels, VersionDataInheritanceLabelSet)
+        for org_ref, labels in labels_per_org.items()
+    }
+    org_ref_lookup = {org_ref.org_id: org_ref for org_ref in labels_per_org}
+    return {
+        org_ref: _build_version_data_inheritance(
+            org_ref,
+            label_set,
+            org_ref_lookup,
+            label_set_per_org,
+        )
+        for org_ref, label_set in label_set_per_org.items()
+        if label_set.inherit_version_data
+    }
+def _build_version_data_inheritance(
+    org_ref: OrgRef,
+    label_set: VersionDataInheritanceLabelSet,
+    org_ref_lookup: dict[str, OrgRef],
+    label_set_per_org: dict[OrgRef, VersionDataInheritanceLabelSet],
+) -> VersionDataInheritance:
+    inherit_from_orgs_org_ids = {
+        source_org_id
+        for source_org_id in label_set.inherit_version_data or []
+        if source_org_id in org_ref_lookup
+        and org_ref.org_id
+        in (label_set_per_org[org_ref_lookup[source_org_id]].publish_version_data or [])
+    }
+    unverified_inheritance_from_orgs_org_ids = (
+        set(label_set.inherit_version_data or []) - inherit_from_orgs_org_ids
+    )
+    return VersionDataInheritance(
+        org_id=org_ref.org_id,
+        inherit_from_orgs={
+            org_ref_lookup[source_org_id] for source_org_id in inherit_from_orgs_org_ids
+        },
+        unverified_inheritance_from_orgs={
+            org_ref_lookup.get(
+                source_org_id, OrgRef(org_id=source_org_id, env_name="unknown")
+            )
+            for source_org_id in unverified_inheritance_from_orgs_org_ids
+        },
+    )
+#
+# Feedback mechanism
+#
+def _signal_validation_issues_for_org(
+    ocm_api: OCMBaseClient,
+    org_upgrade_spec: OrganizationUpgradeSpec,
+) -> None:
+    """
+    Signal the validation errors of an organization to the users.
+    Right now it uses OCM service logs, but it could be extended to use
+    other mechanisms like slack etc.
+    """
+    org_id = org_upgrade_spec.org.org_id
+    ocm_env_name = org_upgrade_spec.org.environment.name
+    if org_upgrade_spec.cluster_errors:
+        logging.warning(
+            f"Cluster config errors found in {ocm_env_name} org {org_id}: "
+            f"{org_upgrade_spec.cluster_errors}"
+        )
+        for cluster_error in org_upgrade_spec.cluster_errors:
+            _expose_cluster_validation_errors_as_service_log(
+                ocm_api=ocm_api,
+                cluster_uuid=cluster_error.cluster_uuid,
+                errors=cluster_error.messages,
+            )
+    if org_upgrade_spec.organization_errors:
+        logging.warning(
+            f"Organization config errors found in {ocm_env_name} org {org_id}: "
+            f"{org_upgrade_spec.organization_errors}"
+        )
+        org_error_msg = "\n".join(
+            o.message for o in org_upgrade_spec.organization_errors
+        )
+        for cluster in org_upgrade_spec.specs:
+            create_service_log(
+                ocm_api=ocm_api,
+                service_log=OCMClusterServiceLogCreateModel(
+                    cluster_uuid=cluster.cluster_uuid,
+                    severity=OCMServiceLogSeverity.Warning,
+                    summary="AUS configuration error on organization",
+                    description=org_error_msg,
+                    service_name=QONTRACT_INTEGRATION,
+                ),
+                dedup_interval=timedelta(days=1),
+            )
+def _expose_cluster_validation_errors_as_service_log(
+    ocm_api: OCMBaseClient, cluster_uuid: str, errors: list[str]
+) -> None:
+    """
+    Highlight cluster upgrade policy validation errors to the cluster
+    owners via OCM service logs.
+    """
+    description = "\n".join([f"- {e}" for e in errors])
+    create_service_log(
+        ocm_api=ocm_api,
+        service_log=OCMClusterServiceLogCreateModel(
+            cluster_uuid=cluster_uuid,
+            severity=OCMServiceLogSeverity.Warning,
+            summary="Cluster upgrade policy validation errors",
+            description=description,
+            service_name=QONTRACT_INTEGRATION,
+        ),
+        dedup_interval=timedelta(days=1),
+    )

qontract-reconcile 0.10.0__py3-none-any.whl → 0.10.1.dev1203__py3-none-any.whl

qontract-reconcile 0.10.0py3-none-any.whl → 0.10.1.dev1203py3-none-any.whl